62 matches found
CVE-2023-49313
A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data...
EUVD-2020-30331
Malware in sbrugna...
EUVD-2019-6342
Malware in sbrugna...
EUVD-2019-6351
Malware in sbrugna...
EUVD-2020-30334
Malware in sbrugna...
EUVD-2019-3056
Malware in sbrugna...
EUVD-2017-17022
Malware in sbrugna...
EUVD-2023-54147
Malicious code in bioql PyPI...
EUVD-2025-2769
Malicious code in bioql PyPI...
EUVD-2025-2890
Malicious code in bioql PyPI...
EUVD-2023-58580
Malicious code in bioql PyPI...
EUVD-2022-42466
Malicious code in bioql PyPI...
CVE-2025-22388
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or...
CVE-2024-28193
yourspotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify version 1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify A...
CVE-2012-4475
The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and answers via unspecified vectors...
PT-2025-20285 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions up to and including 3.3.0. Description: An unauthenticated SQL Injection issue was identified in the endpoint "/html/socio/sistema/get socios.php", specifically in the query parameter. This allows attackers to inject and execute...
CVE-2025-24850
An attacker can export other users' plant information...
CVE-2024-12871
An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the payload is executed in the context of the user's browser. This can lead to session hijacking, data exfiltration, or...
CVE-2020-29010
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and below may allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensiti...
CVE-2025-26659 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to a DOM-based Cross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges to craft a malicious web message that exploits WEBGUI functionality. On successful exploitation, the...